A new study shows that, like most legitimate goods, stolen data travels through a supply chain made up of manufacturers, suppliers and consumers. This chain includes the interconnection of several criminal organizations operating in illegal underground markets.
The supply chain of the stolen data looks like this:
- Hackers (manufacturers) use vulnerable systems and steal confidential information - information about bank cards and accounts, as well as passport data;
- "Wholesalers" and distributors sell stolen information;
- Consumers buy data and use it to carry out cyberattacks such as financial fraud, identity theft and phishing attacks.
This supply chain is powered by darknet marketplaces. According to the expert, several thousand sellers are selling tens of thousands of stolen data on 30 dark web marketplaces. Suppliers' income for 8 months amounted to more than $140 million.
One of the largest markets was Silk Road, closed in 2013 after founder Ross Ulbricht was arrested. Moreover, after this incident, many new markets opened up on the dark web to make up for the loss of a large store.
A study by Arstechnika experts showed that 30 marketplaces have an average of 2,158 sellers who put up for sale at least one of the 96,672 product lists.
Sellers and listings of digital products are unevenly distributed across markets. On average, there were 109 unique supplier nicknames and 3,222 lists of stolen data on marketplaces. Marketplaces generated 632,207 sales totaling $140.3 million. However, sales vary widely across markets. Stores averaged 26,342 sales worth $5.8 million.
The researchers identified 3 largest trading platforms - "Apollon", "WhiteHouse" and "Agartha" - they account for 58% of all sellers. Their stats for 8 months:
- number of announcements - 38-16 296 items;
- total number of sales - up to 237,512 units;
- total revenue up to $91.5 million for the most successful market - Agartha.
The study described a thriving underground economy and illicit supply chain powered by darknet markets. As long as hackers routinely steal personal data, there will be markets to sell it. Underground marketplaces are difficult to eliminate directly, but efforts to prevent buyers of stolen data from using them could weaken the underground economy.
Experts believe that advances in artificial intelligence are able to gather the necessary information to prevent stolen data from being used to commit fraud. This could bring the supply chain to a halt and disrupt shady trade relationships.